NinjaFirewall – wp-expert

NinjaFirewall is Providing Misleading Information on Vulnerable WordPress Plugins

Posted on 22 February 2024 by

In our testing of WordPress firewall plugins, the NinjaFirewall plugin has been the best free option. It turns out it does something else where it isn’t so good. That would be warning about vulnerable plugins. We recently noticed the developer Continue reading NinjaFirewall is Providing Misleading Information on Vulnerable WordPress Plugins→

Five WordPress Security Plugins Prevented Exploitation of Serious Vulnerability in Another Security Plugin

Posted on 2 January 2024 by

One of the things that should have long ago raised a lot of alarm about the state of the WordPress security industry is how often security plugins are found to contain vulnerabilities. Instead, it has been treated as evidence that Continue reading Five WordPress Security Plugins Prevented Exploitation of Serious Vulnerability in Another Security Plugin→

NinjaFirewall’s Rule For Vulnerability Doesn’t Really Add Much Protection

Posted on 20 December 2023 by

We recently looked at yet another example of the limited value that rules written for specific WordPress plugin vulnerabilities offered with the Wordfence Security plugin. But what about the other firewall plugin that has rules being written for it, NinjaFirewall? Continue reading NinjaFirewall’s Rule For Vulnerability Doesn’t Really Add Much Protection→

How WordPress Firewall Plugins Could Have Stopped Recently Fixed Vulnerability in Elementor

Posted on 12 December 2023 by

Last week, we took a look at the first and second attempt to fix an authenticated arbitrary file upload vulnerability in the 5+ million install WordPress plugin Elementor. With a situation like that, one of the questions for security providers Continue reading How WordPress Firewall Plugins Could Have Stopped Recently Fixed Vulnerability in Elementor→

Wordfence Security Still More Than Doubles Peak Memory Usage Over WordPress By Itself

Posted on 12 December 2023 by

In October 2021, we found that the Wordfence Security plugin for WordPress more than double the peak memory usage over WordPress by itself. That compared to a minimal memory increase by the two WordPress firewall plugins that provided more protection Continue reading Wordfence Security Still More Than Doubles Peak Memory Usage Over WordPress By Itself→

WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That

Posted on 20 November 2023 by

Last week, we noted that the marketing for the Wordfence Security plugin was promoting its firewall as being the industry leader, despite that not being supported by them with anything whatsoever and objective testing showing that being far from the Continue reading WordPress Firewall Plugins Protect Against Vulnerability Without Rule Needed for Wordfence Security To Do That→

Combining WordPress Security Plugins Doesn’t Provide Better Protection Than One Better Plugin

Posted on 16 November 2023 by

It isn’t uncommon to see people asking the developers of WordPress security plugins if they can be used alongside another security plugin. That often seems like an odd question, as the two plugins being asked about are all-in-one security plugins Continue reading Combining WordPress Security Plugins Doesn’t Provide Better Protection Than One Better Plugin→

How a WordPress Firewall Plugin Stops Exploitation of Zero-Day That Automattic’s Jetpack Didn’t

Posted on 7 November 2023 by

When it comes to protecting WordPress websites from being hacked through vulnerabilities in plugins, the solution is often simply keeping plugins up to date. But that doesn’t work when a hacker finds a vulnerability and starts exploiting it, otherwise known Continue reading How a WordPress Firewall Plugin Stops Exploitation of Zero-Day That Automattic’s Jetpack Didn’t→

3 WordPress Firewall Plugins Stop Recent Widely Exploit Vulnerability in tagDiv Composer Plugin

Posted on 16 October 2023 by

Last week there were a spate of largely unhelpful new stories run about websites getting hacked through an already fixed vulnerability in a WordPress plugin not available through the WordPress Plugin Directory, tagDiv Composer. There is a lot that could Continue reading 3 WordPress Firewall Plugins Stop Recent Widely Exploit Vulnerability in tagDiv Composer Plugin→

NinjaFirewall Joins Plugin Vulnerabilities Firewall in Providing Protection Against WordPress User Deletion Vulnerabilities

Posted on 30 August 2023 by

One of the ways we measure how much protection that WordPress security plugins provide against the real threat of vulnerabilities in other WordPress plugins, is to run software we have designed to make sure that our own firewall plugin’s protection Continue reading NinjaFirewall Joins Plugin Vulnerabilities Firewall in Providing Protection Against WordPress User Deletion Vulnerabilities→

Some WordPress Firewall Plugins Provide No Zero-Day Protection Without Additional Configuration

Posted on 6 July 2023 by

One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities Continue reading Some WordPress Firewall Plugins Provide No Zero-Day Protection Without Additional Configuration→

NinjaFirewall and Plugin Vulnerabilities Firewall Are Only WordPress Security Plugins That Protected Against Recent Zero Day

Posted on 30 June 2023 by

Among the common, but inaccurate, security advice you will hear is that WordPress won’t get hacked if you take basic security measures, including keeping plugins up to date. While doing the basics is really important, the reality is that keeping Continue reading NinjaFirewall and Plugin Vulnerabilities Firewall Are Only WordPress Security Plugins That Protected Against Recent Zero Day→

WordPress Firewall Plugins Are Barely Improving the Zero-Day Protection They Offer

Posted on 16 June 2023 by

One method we have to measure the protection that WordPress firewall plugins offer is part of the regression testing software for our own firewall plugin. That software allows us to make sure the default protection against zero-days, which are vulnerabilities Continue reading WordPress Firewall Plugins Are Barely Improving the Zero-Day Protection They Offer→

WordPress Firewall Plugins Lack Protection Against Arbitrary User Deletion Vulnerabilities

Posted on 7 June 2023 by

Last week, we ran across a vulnerability in a WordPress plugin that would allow an attacker to delete all the website’s WordPress user accounts, which would be nasty if exploited by an attacker. The ability to easily exploit the vulnerability Continue reading WordPress Firewall Plugins Lack Protection Against Arbitrary User Deletion Vulnerabilities→

Wordfence Security Returns to Third Place in May Test of WordPress Security Plugins’ Zero-Day Protection

Posted on 1 May 2023 by

While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started Continue reading Wordfence Security Returns to Third Place in May Test of WordPress Security Plugins’ Zero-Day Protection→

Only 25% of WordPress Security Plugins Protected Against Widely Exploited Plugin Vulnerability

Posted on 13 March 2023 by

In late January, an unfixed vulnerability in a WordPress plugin with 40,000+ installs started to receive widespread exploitation attempts and many websites were hacked. The hacking was in part caused by multiple WordPress security providers, including Wordfence, WPScan, and Patchstack, Continue reading Only 25% of WordPress Security Plugins Protected Against Widely Exploited Plugin Vulnerability→

Here Are the 4 WordPress Security Plugins That Protected Against a Vulnerability Wordfence Failed to Protect Against Despite Having Discovered It

Posted on 6 March 2023 by

Last week, Wordfence disclosed the details of an authenticated persistent cross-site scripting (XSS) vulnerability they had found in a popular WordPress plugin with 3+ million installs (as well as something else that wasn’t really a vulnerability). There were some things Continue reading Here Are the 4 WordPress Security Plugins That Protected Against a Vulnerability Wordfence Failed to Protect Against Despite Having Discovered It→

WordPress Security Plugins Don’t Prevent Disclosure of One-Time Password Through Exploited Plugin Vulnerability

Posted on 8 February 2023 by

A month ago, we saw a hacker looking to exploit a vulnerability that had recently been fixed in the WordPress plugin User Verification. That vulnerability discovered by Lana Codes involved the plugin’s functionality to email a one-time password for logging Continue reading WordPress Security Plugins Don’t Prevent Disclosure of One-Time Password Through Exploited Plugin Vulnerability→

Wordfence Security Falls to Fourth Place in December Test of WordPress Security Plugins’ Zero-Day Protection

Posted on 2 December 2022 by

While developing our WordPress firewall plugin, we created regression testing software to make sure that, as we updated that; we didn’t break existing protection, which is something at least one other developer hasn’t done. What we realized once we started Continue reading Wordfence Security Falls to Fourth Place in December Test of WordPress Security Plugins’ Zero-Day Protection→

How to Avoid Wordfence Premium Price Increase While Getting Better Real-Time Protection for Free

Posted on 2 November 2022 by

Last week, the WordPress security provider Wordfence announced a significant price increase for their Wordfence Premium service. What they didn’t provide was any explanation of what was causing their cost for the service to increase, which they needed to pass Continue reading How to Avoid Wordfence Premium Price Increase While Getting Better Real-Time Protection for Free→

M	T	W	T	F	S	S
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31